TIBCO Spotfire Web Player Cross Site Scripting and Security Bypass Vulnerabilities
BID:58491
Info
| Bugtraq ID: | 58491 |
| Class: | Unknown |
| CVE: | CVE-2013-2372, CVE-2013-2373 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2013 12:00AM |
| Updated: | Mar 13 2013 12:00AM |
| Credit: | TIBCO |
| Vulnerable: | TIBCO Spotfire Web Player 4.0.2, TIBCO Spotfire Web Player 4.0.1, TIBCO Spotfire Web Player 3.3.1, TIBCO Spotfire Web Player 5.0.0, TIBCO Spotfire Web Player 4.5.0 |
| Not Vulnerable: | TIBCO Spotfire Web Player 3.3.3, TIBCO Spotfire Web Player 5.0.1, TIBCO Spotfire Web Player 4.5.1, TIBCO Spotfire Web Player 4.0.3 |
Discussion
TIBCO Spotfire Web Player is prone to a cross-site scripting vulnerability and a security bypass vulnerability.
Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and perform certain administrative actions in the vulnerable application.
The following products are affected:
- TIBCO Spotfire Web Player versions prior to 3.3.3
- TIBCO Spotfire Web Player 4.0.X and versions prior to 4.0.3
- TIBCO Spotfire Web Player 4.5.0
- TIBCO Spotfire Web Player 5.0.0
Exploit / POC
Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
References
- Security Advisories for TIBCO Products (TIBCO)
- TIBCO Homepage (TIBCO)
- TIBCO Spotfire Web Player vulnerabilities (TIBCO)